Welcome to the SubHub Blog

Why WordPress Should Never Be Used to Manage a Membership Site

Guest Article by Alex Sysoef, the publisher of the successful ‘WordPress How to Spotter’ blog.

This might sound strange coming from me, considering that I make my online living taking full advantage of the membership management capabilities offered by WordPress and yet, here is my statement:

You Should NEVER Use WordPress For “Membership Management!?

On the last webinar for Expert WordPress members I have shared this opinion and received a lot of feedback, which is greatly appreciated. I know that my statement goes against what many other people are currently teaching but I have very good reasons!

Reasons I will share in this blog post and let you decide if my opinion makes sense or not. It is YOUR ONLINE BUSINESS after all!

First allow me to repeat the obvious . . .

I love WordPress and I think as Content Management System it simply has no equals when it comes to functionality, simplicity, extendability and customization options!

WordPress, thanks to its modular design and huge support by community, developers and designers has a solution that can be applied to pretty much any kind of need to present content!

WordPress is constantly developing and enhancing its functionality, with new plugins to extend its ability being constantly introduced (some free and some with a price tag) – and this is one of the reasons I will recommend to anyone reading this post that you . . .

Do Not Use WordPress For Paid Memberships

Anytime we use paid membership, we build business. Business that we rely on to provide us with a steady flow of income we can depend on and build upon. But as part of running a membership business model we commit to our customers to provide them with secure access to our site and to ensure their private information stored within our membership system doesn’t get into hands of hackers!

We Are Obligated To Do Everything In Our Power To Protect Our Customers!

And here is why I think WordPress is a bad fit for a membership site model . . .

Membership Management functionality is currently provided to WordPress via several plugins. Some are commercial and some are free, however it doesn’t matter which one you choose to use, as they all share one big flaw – their dependency on the core of WordPress!

By themselves they will not function and the same goes for the WordPress core – without one of these plugins you can’t have paid membership! This is fact #1!

WordPress is constantly evolving and new versions are released that sometimes make plugins incompatible with the latest version. You either have to wait in upgrading to the latest WordPress core version until the plugin is updated and is fully operational with it or you have to look for new plugin to replace functionality. This is especially true with free plugins. This is fact #2

WordPress is Open Source and its code is constantly under scrutiny not only by the good guys but also by people who are looking for a way to compromise your site. If you have been blogging for a while I’m sure you have seen those WordPress security releases that simply HAVE TO BE DONE ASAP in order to avoid being hacked, as an exploit is in the wild and actively being used. This is fact #3

Now imagine this scenario:

You use a WordPress blog as your membership system. You have several hundred customers paying on a monthly basis (or whatever schedule you use). Like most WordPress blogs, you have several plugins to add functionality – SEO at the very least – and you obviously have at least one plugin that turns your blog into a membership service.

Now imagine that the WordPress core team release a security upgrade that has to be applied ASAP or your blog could be compromised and a hacker could take control of every aspect of your site, including getting FULL ACCESS to your customers information and payment processing.

You quickly contact the developer who created the Membership Management plugin to tell them about the upgrade to ensure it will continue to work. But you learn that he is taking a romantic vacation on a secluded island somewhere in Fiji and will not be back for next couple weeks . . .

What Do You Do?

Do you upgrade the WordPress core, as you should, to protect your content and your customer data but in doing so risk breaking the membership management plugin, with no support available to fix it?

Or do you continue using an unsecure version of WordPress, praying that it doesn’t become a target for attack until the plugin is upgraded, as you simply can’t afford to lose the income?

Or what if you actually do the security upgrade and your membership plugin breaks, but the plugin developer is too busy to fix it … or wants paying to do the work … or promises to fix it in the next two weeks!

Which scenario is better?

I know these are extreme scenarios to make my point, but it is not uncommon that upgrades to the WordPress core break the plugins and it can take weeks or months for the plugins to be upgraded! I know there are always solutions to these problems and you can often outsource fixing the plugin but I personally prefer … and recommend… that a membership solution is not dependant on other software and has dedicated support!

If you are planning to start a membership site I recommend you avoid using WordPress and find a solution that is a single integrated solution.